yii框架下的 RBAC權限控制，五表

基於數據庫的

1，首先，在組件中配置Rbac 如下所示(common/config/main-local.php或者main.php)

'authManager' => [
    'class' => 'yii\rbac\DbManager',
    'itemTable' => 'auth_item',
    'assignmentTable' => 'auth_assignment',
    'itemChildTable' => 'auth_item_child',
],

 

2，創建許可Permiassion

//將許可入庫
    public function actionAddp()
    {
        $info = yii::$app->request->post('Rabc');
        $item = $info['permiassion'];
        $auth = Yii::$app->authManager;
           $createPost = $auth->createPermission($item);
        $createPost->description = '創建了 ' . $item . ' 許可';
        $auth->add($createPost);
        //創建許可成功后，跳轉到添加角色頁面
        $model = new Rabc();
        return $this->render('add_r',['model'=>$model]);
    }

 

3，創建角色roles

//將角色入庫
    public function actionAddr()
    {
        $info = yii::$app->request->post('Rabc');
        $item = $info['roles'];
        $auth = Yii::$app->authManager;
        $role = $auth->createRole($item);
        $role->description = '創建了 ' . $item . ' 角色';
        $auth->add($role);
        //角色入庫成功后，給角色分配權限
        return $this->redirect("?r=rabc/allotrole");

    }

 

4，給角色分配許可

public function actionAllotrole()
    {
        $model = new Rabc();
        
        //將所有角色查詢出來
        $roles = Rabc::find()->where(['type'=> 1])->asArray()->all();
        $roles = Form::users($roles);
        //將所有權限查詢出來
        $permiassion = Rabc::find()->where(['type'=> 2])->asArray()->all();
        $permiassion = Form::users($permiassion);
        // print_r($permiassion);
        return $this->render('allotrole',['model'=>$model,'roles'=>$roles,'permiassion'=>$permiassion]);

    }

//將角色分配到的權限對應入庫
    public function actionDoallotrole()
    {
        $info = yii::$app->request->post('Rabc');
        $roles = $info['roles'];
        $permiassion = $info['permiassion'];

        $auth = Yii::$app->authManager;
        $parent = $auth->createRole($roles);
        foreach ($permiassion as $key => $value) {
            
        $child = $auth->createPermission($value);
        $auth->addChild($parent, $child);
        //入庫后 給用戶分配角色
        return $this->redirect("?r=rabc/doallot");
        }
    }

 

5，給角色分配用戶

//給用戶分配角色
    public function actionDoallot()
    {
        $model = new Rabc();
        //查詢出所有用戶
        $users = (new Query())->select(['id','username'])->from('user')->all();
        //查詢出所有角色
        $roles = Rabc::find()->where(['type'=>1])->asArray()->all();
        $roles = Form::users($roles);
        $users = Form::droplist($users);
        return $this->render('userrole',['model'=>$model,'roles'=>$roles,'users'=>$users]);
    }

//將用戶對應的角色 入庫
    public function actionDouserrole()
    {
        $auth = Yii::$app->authManager;
        $info = yii::$app->request->post('Rabc');
        $users = $info['users'];
        $roles = $info['roles'];
        foreach ($roles as $key => $value) {
            
        $reader = $auth->createRole($value);
        $auth->assign($reader, $users);
        }
    }

 

6，驗證用戶是否有權限

public function beforeAction($action)
    {
        $action = Yii::$app->controller->action->id;
        if(\Yii::$app->user->can($action)){
            return true;
        }else{
            throw new \yii\web\UnauthorizedHttpException('對不起，您現在還沒獲此操作的權限');
        }
    }

 

7，隨便寫方法驗證

 

---------建表----------

/**
 * Database schema required by \yii\rbac\DbManager.
 *
 * @author Qiang Xue <qiang.xue@gmail.com>
 * @author Alexander Kochetov <creocoder@gmail.com>
 * @link http://www.yiiframework.com/
 * @copyright 2008 Yii Software LLC
 * @license http://www.yiiframework.com/license/
 * @since 2.0
 */

drop table if exists `auth_assignment`;
drop table if exists `auth_item_child`;
drop table if exists `auth_item`;
drop table if exists `auth_rule`;

create table `auth_rule`
(
   `name`                 varchar(64) not null,
   `data`                 text,
   `created_at`           integer,
   `updated_at`           integer,
    primary key (`name`)
) engine InnoDB;

create table `auth_item`
(
   `name`                 varchar(64) not null,
   `type`                 integer not null,
   `description`          text,
   `rule_name`            varchar(64),
   `data`                 text,
   `created_at`           integer,
   `updated_at`           integer,
   primary key (`name`),
   foreign key (`rule_name`) references `auth_rule` (`name`) on delete set null on update cascade,
   key `type` (`type`)
) engine InnoDB;

create table `auth_item_child`
(
   `parent`               varchar(64) not null,
   `child`                varchar(64) not null,
   primary key (`parent`, `child`),
   foreign key (`parent`) references `auth_item` (`name`) on delete cascade on update cascade,
   foreign key (`child`) references `auth_item` (`name`) on delete cascade on update cascade
) engine InnoDB;

create table `auth_assignment`
(
   `item_name`            varchar(64) not null,
   `user_id`              varchar(64) not null,
   `created_at`           integer,
   primary key (`item_name`, `user_id`),
   foreign key (`item_name`) references `auth_item` (`name`) on delete cascade on update cascade
) engine InnoDB;

user表用yii框架自帶的

DROP TABLE IF EXISTS `user`;
CREATE TABLE `user` (
  `id` int(11) NOT NULL AUTO_INCREMENT,
  `username` varchar(255) NOT NULL,
  `auth_key` varchar(32) NOT NULL,
  `password_hash` varchar(255) NOT NULL,
  `password_reset_token` varchar(255) DEFAULT NULL,
  `email` varchar(255) NOT NULL,
  `role` smallint(6) NOT NULL DEFAULT '10',
  `status` smallint(6) NOT NULL DEFAULT '10',
  `created_at` int(11) NOT NULL,
  `updated_at` int(11) NOT NULL,
  PRIMARY KEY (`id`)
) ENGINE=InnoDB AUTO_INCREMENT=3 DEFAULT CHARSET=utf8;